Publications

Agreement on the EU Data Protection Regulation

Data Protection Alert

Share this

21 DEC 2015

On 15 December 2015 the European Commission, the Parliament and the Council reached an agreement on the General Data Protection Regulation (GDPR) and the European data protection reform after years of negotiations. The final texts will be formally adopted by the Parliament and Council at the beginning 2016, and the GDPR will become applicable in early 2018.

Key changes include the following:

Territorial scope: The GDPR applies regardless of whether the processing takes place in the EU/EEA or not, and regardless of where the company processing data is established, if it offers goods or services in the EU/EEA or monitors the behaviour of data subjects in the EU/EEA.

Accountability: Those controlling and processing data will be responsible for and have to be able to demonstrate compliance with the GDPR.

Consent: Consent needs to be explicit. The data controller must be able to demonstrate upon demand that consent was given by the data subject to the processing of their personal data. If the service is provided on the condition that the data subject gives his/her consent and the processing of data is not necessary for the actual performance of the contract, consent will not be valid.

Child’s consent: The processing of personal data of a child below the age of 16 years (or if a Member State regulates a lower age limit which may not be below 13 years) will only be lawful with parental approval.

Data breach notifications: Notification of a personal data breach must be made to the supervisory authority within 72 hours of the breach if the personal data breach is likely to result in a risk for the rights and freedoms of individuals.

Data portability: Data subjects will have the right to access his/her data and the right to transmit the data from one controller to another.

DPOs: Companies will be required to appoint a Data Protection Officer if i.e. data processing is a core activity or if sensitive data is processed on a large scale.

Sanctions for non-compliance: up to 4 per cent of the total worldwide annual turnover of the company.

Related services

DLA Piper is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific, positioning us to help clients with their legal needs around the world.

DLA Piper is a global law firm with lawyers located in more than 40 countries throughout the Americas, Europe, the Middle East, Africa and Asia Pacific, positioning us to help clients with their legal needs around the world.